OFAC Nukes MOOCS
Posted by Clif Burns at 8:59 pm on February 25, 2014
Category: Cuba Sanctions • Economic Sanctions • Iran Sanctions • OFAC • Sudan • Syria
I missed this earlier, but back at the end of January, Coursera, a provider of the euphoniously acronymed MOOCs (Massive Open Online Courses) said “No MOOCS for you” to residents of Cuba, Iran, Syria and Sudan who wanted to better themselves by taking online courses such as “Scandinavian Film and Television” or “Buddhism and Modern Psychology.” I certainly sleep better at night now knowing that the Cuban and Iranian threats are not being needlessly augmented by educating Cubans and Iranians on the subtle politics of Borgen or the psychological insights of the Four Noble Truths.
Because the online courses involve feedback, grading and the like, the concern is that these courses are an export of services, forbidden by the current sanctions on these countries, rather than the export of information, which is permitted under the Berman Amendment. Coursera is a little vague in explaining how it just found that out, saying that it “recently received information that has led to the understanding that the services offered on Coursera are not in compliance with the law as it stands” and that prior to that the law was “unclear.”
Coursera has given Syrian students a reprieve by saying that the State Department has told it that OFAC’s Syria General License 11A covers MOOCs for Syria. That license permits non-governmental organizations to export services to Syria in support of education. I’m not clear how Coursera qualifies as an NGO since it is not a non-profit but a for-profit corporation that seeks revenues and profits through its certification programs and sales of textbooks purchased through its affiliate relationship with Amazon. Nor am I quite clear how the State Department has acquired the ability to determine the scope of OFAC licenses.
The company claims that it is weeding out Cubans, Sudanese and Iranians based on IP addresses, apparently not having taken one of their own course on VPNs which would allow an Iranian wannabe student to appear, online at least, as a German or Italian or whatever. And since civil violations of OFAC rules do not require intent, Coursera is still liable if an Iranian is sitting in Iran but using a VPN to appear as if he or she were elsewhere.
This last point underlines a particular stupidity of applying a 19th century sanctions philosophy to a 21st century Internet where there are no borders. If an Iranian student is, in fact, sitting with his or her laptop in Germany, it would not be illegal for Coursera to provide its services to that student. It is only illegal when the student is in fact physically located in Iran. Now if you can identify a sensible policy which explains why it is more dangerous to teach an Iranian about Scandinavian TV while in Iran than it is in Germany, then you are much more clever than I am.
Name That Country!
Posted by Clif Burns at 6:31 pm on December 18, 2013
Category: BIS • DoJ • Sanctions • Syria
The Securities and Exchange Commission just released on Monday, according to this article, correspondence that it had with Dell regarding an on-going investigation by Dell, the DOJ, and the Bureau of Industry and Security (“BIS”) regarding sales of Dell computers to Syria. These sales were made by a Dell distributor based in the U.A.E. In that correspondence, Dell indicated that it was conducting an internal investigation with outside counsel into sales by one of its Dubai-based distributors, was regularly communicating with the U.S. Attorney regarding that investigation, and had responded to a BIS subpoena requesting information about the sales in question. The company said that the investigation was not yet complete so that the company could not yet respond to the SEC’s questions as to whether Dell had any liability under U.S. export and sanctions law arising from the distributor’s sales to Syria.
The company, however, did try to suggest that it might not be liable because of a clause it cited in its distribution agreement:
Distributor acknowledges that Products licensed or sold hereunder or in respect of which services (including Dell Branded Services) are provided, which may include software, technical data and technology, are subject to the export control laws and regulations of the USA, the European Union, the Territory in which Distributor operates and the territory from which they were supplied, and that Distributor will abide by such laws and regulations. Distributor confirms that it will not export, re-export or trans-ship the Products, directly or indirectly, … to … any countries that are subject to the USA’s or those other relevant territories’ export restrictions or any national thereof … .
To paraphrase someone else, I guess you go to war with the language you have — that is to say, this language is hardly ideal. It relies on the distributor to know what countries are subject to U.S. export restrictions. Do you really think that a distributor in the U.A.E. is aware of the details of U.S. sanctions programs or even which countries are on the current U.S. bad country list? Probably not.
I certainly do not mean to imply that Dell has criminal or civil liability because of this drafting issue. Rather, my point only is that companies should be explicit in these clauses about which countries are subject to sanctions and to affirmatively advise distributors in writing when those countries change. Don’t count on your distributor to know who the U.S. has sanctioned anymore than you would count on him to know the name of last year’s winner of American Idol.
Syria Sanctions Loosened To Benefit Rebels and Civilian Population
Posted by Clif Burns at 9:04 pm on June 13, 2013
Category: BIS • OFAC • Syria
ABOVE: Destruction in Homs, Syria
Just as the Assad government appears to be gaining ground back from the rebels, the White House announced certain measures loosening the sanctions on Syria. Yesterday, BIS issued a notice on its website that it would begin processing licenses for exports of certain goods related to reconstruction of infrastructure in areas held by the rebels. Specifically, the agency indicated that license applications would be accepted for commodities, technology and software related to
water supply and sanitation, agricultural production and food processing, power generation, oil and gas production, construction and engineering, transportation, and educational infrastructure. . . .
BIS promised that implementing regulations “shortly” but indicated that applications could be filed “immediately.”
Similarly, OFAC released a Statement of Policy permitting the export of a somewhat narrower group of services. The Statement of Policy indicates that OFAC will consider on a case-by-case basis applications to permit services in the Syrian telecommunication industry to enable private persons to better access the Internet and in the agricultural sector. Certain petroleum transactions benefiting the rebel forces may also be authorized. Finally, OFAC revised Syria General License 11 and replaced it with General License 11A authorizing NGOs to engage in certain activities designed to preserve the cultural heritage of Syria including museums, historic buildings and archaeological sites.
On the Internet, Nobody Knows You’re a Syrian
Posted by Clif Burns at 7:59 pm on May 14, 2013
Category: OFAC • Syria
According to this report, Network Solutions in April seized over 700 domain names relating to Syria. Among these were sites used by the Syrian Electronic Army, a pro-Assad hacker group that has achieved some notoriety for taking over the AP’s Twitter account and pushing out a false tweet about alleged explosions at the White House. They also hacked The Onion’s Twitter account which led to this memorable story and headline on the satire site: “Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Death At Hands of Rebels.” All of the domains now show the owner as “OFAC Holding.” A complete list can be found here.
Frequent readers of this blog will no doubt be aware that OFAC has issued a series of general licenses permitting provision in sanctioned countries of services incident to personal communications over the Internet. However, General License No. 5 for Syria explicitly excludes from the General License “domain name registration services.”
Of course, shutting down the sites now does not negate the violation that occurred in providing these web hosting services to Syria in the first place. And a large part of the problem here is that domain services are normally provided without any human involvement. A registrant fills out a web form, hands over a credit card number to pay for the annual fee, and a computer program takes care of the rest. Add to that, as the famous New Yorker cartoon caption suggests, “on the Internet, nobody knows you’re a dog.” It is simply not clear how Network Solutions could screen out every registration from an embargoed country. Instead, it seems the best an Internet registrar can do is shut down the domain names once it learns of the problem.
The big questions, then, are this: does Network Solutions have a voluntary disclosure pending at OFAC on this and what will OFAC’s response be?
Snooping on the Snoopers
Posted by Clif Burns at 6:02 pm on May 2, 2013
Category: BIS • Syria
ABOVE: Computerlinks FZCO
HQ, DSO Building, Dubai
The Dubai subsidiary of Munich-based Computerlinks recently agreed to pay $2.8 million dollars to the Bureau of Industry and Security (“BIS”) to settle charges that the Dubai subsidiary exported sophisticated Internet surveillance software to Syria without the required licenses. BIS had previously placed one individual and one company in the U.A.E. on the entity list in connection with the unlicensed export of these Internet devices to Syria
The charging documents are unusually detailed and reveal what appears to have been a systematic effort by the Dubai subsidiary to lie to Blue Coat, the manufacturer of the devices, about the ultimate destination of the equipment. One of the exports at issue was described as follows:
On or about October 29,2010, Computerlinks FZCO placed an order with Blue Coat for eight devices used to monitor and control web traffic along with accompanying equipment and software. Computerlinks FZCO falsely stated that the items were intended for the Iraq Ministry of Telecom, concealing the fact that the items actually were destined for Syria. Upon receiving the order, Blue Coat reexported the items from its facility in the Netherlands to Computerlinks FZCO in the U.A.E. On or about December 15, 2010, Computerlinks FZCO directed the items’ transfer within the U.A.E. for their subsequent shipment to Syria for use by the state-run Syrian Telecommunications Establishment (STE).
This is one of the highest fines BIS has ever imposed, ranking, by my count, only behind the $15 million imposed on Balli Aviation and related companies in 2010. This is due, in part, to the fact that this violation was not voluntarily disclosed. In fact, judging from the gleeful and somewhat self-serving press release from Blue Coat commending BIS for whacking Computerlinks, it is reasonable to assume that Blue Coat discovered the diversion and dropped the dime on Computerlinks.
No doubt Blue Coat discovered the diversion because the devices that Syria used to snoop on its citizens were probably also snooping on Syria at the same time. And you have to be more than a little surprised that the people at the Dubai subsidiary of Computerlinks were too stupid to realize that this would happen.